flaschengeist/config.py

@@ -41,29 +41,6 @@ def read_configuration(test_config):
         update_dict(config, test_config)
 
 
-def configure_logger():
-    global config
-    # Read default config
-    logger_config = toml.load(_module_path / "logging.toml")
-
-    if "LOGGING" in config:
-        # Override with user config
-        update_dict(logger_config, config.get("LOGGING"))
-        # Check for shortcuts
-        if "level" in config["LOGGING"]:
-            logger_config["loggers"]["flaschengeist"] = {"level": config["LOGGING"]["level"]}
-            logger_config["handlers"]["console"]["level"] = config["LOGGING"]["level"]
-            logger_config["handlers"]["file"]["level"] = config["LOGGING"]["level"]
-        if not config["LOGGING"].get("console", True):
-            logger_config["handlers"]["console"]["level"] = "CRITICAL"
-        if "file" in config["LOGGING"]:
-            logger_config["root"]["handlers"].append("file")
-            logger_config["handlers"]["file"]["filename"] = config["LOGGING"]["file"]
-            path = Path(config["LOGGING"]["file"])
-            path.parent.mkdir(parents=True, exist_ok=True)
-    logging.config.dictConfig(logger_config)
-
-
 def configure_app(app, test_config=None):
     global config
     read_configuration(test_config)
@@ -71,6 +48,17 @@ def configure_app(app, test_config=None):
     # Always enable this builtin plugins!
     update_dict(config, {"auth": {"enabled": True}, "roles": {"enabled": True}, "users": {"enabled": True}})
 
+    logger_config = toml.load(_module_path / "logging.toml")
+    if "LOGGING" in config:
+        if "level" in config["LOGGING"]:
+            logger_config["loggers"]["flaschengeist"] = {"level": config["LOGGING"]["level"]}
+        if "file" in config["LOGGING"]:
+            logger_config["root"]["handlers"].append("file")
+            logger_config["handlers"]["file"]["filename"] = config["LOGGING"]["file"]
+            path = Path(config["LOGGING"]["file"])
+            path.parent.mkdir(parents=True, exist_ok=True)
+    logging.config.dictConfig(logger_config)
+
     if "secret_key" not in config["FLASCHENGEIST"]:
         logger.warning("No secret key was configured, please configure one for production systems!")
         app.config["SECRET_KEY"] = "0a657b97ef546da90b2db91862ad4e29"

flaschengeist/plugins/auth_ldap/__init__.py

@@ -6,7 +6,8 @@ from typing import Optional
 from flask_ldapconn import LDAPConn
 from flask import current_app as app
 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
-from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE
+from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_SHA
+from ldap3.utils.hashed import hashed
 from werkzeug.exceptions import BadRequest, InternalServerError, NotFound
 
 from flaschengeist import logger
@@ -29,6 +30,7 @@ class AuthLDAP(AuthPlugin):
             LDAP_TLS_VERSION=ssl.PROTOCOL_TLS,
             FORCE_ATTRIBUTE_VALUE_AS_LIST=True,
         )
+        logger.warning(app.config.get("LDAP_USE_SSL"))
         if "ca_cert" in config:
             app.config["LDAP_CA_CERTS_FILE"] = config["ca_cert"]
         else:
@@ -240,7 +242,7 @@ class AuthLDAP(AuthPlugin):
                 password_hash = base64.b64encode(pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)).decode()
                 return f"{{PBKDF2-SHA512}}{rounds}${base64.b64encode(salt).decode()}${password_hash}"
             else:
-                return f"{{SSHA}}{base64.b64encode(sha1(password.encode() + salt).digest() + salt)}"
+                return hashed(HASHED_SALTED_SHA, password)
 
     def _get_groups(self, uid):
         groups = []

setup.py

@@ -33,9 +33,9 @@ setup(
     scripts=["run_flaschengeist"],
     python_requires=">=3.7",
     install_requires=[
-        "Flask >= 2.0",
+        "Flask >= 1.1",
         "toml",
-        "sqlalchemy>=1.4.26",
+        "sqlalchemy>=1.4",
         "flask_sqlalchemy>=2.5",
         "flask_cors",
         "Pillow>=8.4.0",